Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2015-4034

Summary
Assigner-mitre
Assigner Org ID-8254265b-2729-46b6-b9e3-3dfca2d5bfca
Published At-06 Jul, 2015 | 14:00
Updated At-06 Aug, 2024 | 06:04
Rejected At-
Credits

The createFromParcel method in the com.absolute.android.persistence.MethodSpec class in Samsung Galaxy S5s allows remote attackers to execute arbitrary files via a crafted Parcelable object in a serialized MethodSpec object.

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
▼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:mitre
Assigner Org ID:8254265b-2729-46b6-b9e3-3dfca2d5bfca
Published At:06 Jul, 2015 | 14:00
Updated At:06 Aug, 2024 | 06:04
Rejected At:
▼CVE Numbering Authority (CNA)

The createFromParcel method in the com.absolute.android.persistence.MethodSpec class in Samsung Galaxy S5s allows remote attackers to execute arbitrary files via a crafted Parcelable object in a serialized MethodSpec object.

Affected Products
Vendor
n/a
Product
n/a
Versions
Affected
  • n/a
Problem Types
TypeCWE IDDescription
textN/An/a
Type: text
CWE ID: N/A
Description: n/a
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
http://www.zerodayinitiative.com/advisories/ZDI-15-256/
x_refsource_MISC
http://www.securityfocus.com/bid/75403
vdb-entry
x_refsource_BID
Hyperlink: http://www.zerodayinitiative.com/advisories/ZDI-15-256/
Resource:
x_refsource_MISC
Hyperlink: http://www.securityfocus.com/bid/75403
Resource:
vdb-entry
x_refsource_BID
▼Authorized Data Publishers (ADP)
CVE Program Container
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
http://www.zerodayinitiative.com/advisories/ZDI-15-256/
x_refsource_MISC
x_transferred
http://www.securityfocus.com/bid/75403
vdb-entry
x_refsource_BID
x_transferred
Hyperlink: http://www.zerodayinitiative.com/advisories/ZDI-15-256/
Resource:
x_refsource_MISC
x_transferred
Hyperlink: http://www.securityfocus.com/bid/75403
Resource:
vdb-entry
x_refsource_BID
x_transferred
Information is not available yet
▼National Vulnerability Database (NVD)
nvd.nist.gov
Source:cve@mitre.org
Published At:06 Jul, 2015 | 14:59
Updated At:12 Apr, 2025 | 10:46

The createFromParcel method in the com.absolute.android.persistence.MethodSpec class in Samsung Galaxy S5s allows remote attackers to execute arbitrary files via a crafted Parcelable object in a serialized MethodSpec object.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Primary2.07.9HIGH
AV:A/AC:M/Au:N/C:C/I:C/A:C
Type: Primary
Version: 2.0
Base score: 7.9
Base severity: HIGH
Vector:
AV:A/AC:M/Au:N/C:C/I:C/A:C
CPE Matches
Samsung
samsung
>>galaxy_s5>>-
cpe:2.3:h:samsung:galaxy_s5:-:*:*:*:*:*:*:*
Weaknesses
CWE IDTypeSource
CWE-284Primarynvd@nist.gov
CWE ID: CWE-284
Type: Primary
Source: nvd@nist.gov
Evaluator Description
Evaluator Impact

Evaluator Solution

Vendor Statements
References
HyperlinkSourceResource
http://www.securityfocus.com/bid/75403cve@mitre.org
N/A
http://www.zerodayinitiative.com/advisories/ZDI-15-256/cve@mitre.org
N/A
http://www.securityfocus.com/bid/75403af854a3a-2127-422b-91ae-364da2661108
N/A
http://www.zerodayinitiative.com/advisories/ZDI-15-256/af854a3a-2127-422b-91ae-364da2661108
N/A
Hyperlink: http://www.securityfocus.com/bid/75403
Source: cve@mitre.org
Resource: N/A
Hyperlink: http://www.zerodayinitiative.com/advisories/ZDI-15-256/
Source: cve@mitre.org
Resource: N/A
Hyperlink: http://www.securityfocus.com/bid/75403
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://www.zerodayinitiative.com/advisories/ZDI-15-256/
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A

Change History

0
Information is not available yet

Similar CVEs

81Records found
CVE-2022-28778
Matching Score-6
Assigner-Samsung Mobile
ShareView Details
Matching Score-6
Assigner-Samsung Mobile
CVSS Score-4.4||MEDIUM
EPSS-0.06% / 17.58%
||
7 Day CHG~0.00%
Published-11 Apr, 2022 | 19:37
Updated-03 Aug, 2024 | 06:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Improper access control vulnerability in Samsung Security Supporter prior to version 1.2.40.0 allows attacker to set the arbitrary folder as Secret Folder without Samsung Security Supporter permission

Action-Not Available
Vendor-SamsungSamsung Electronics
Product-samsung_security_supporterSamsung Security Supporter
CWE ID-CWE-284
Improper Access Control
CVE-2022-28775
Matching Score-6
Assigner-Samsung Mobile
ShareView Details
Matching Score-6
Assigner-Samsung Mobile
CVSS Score-5.1||MEDIUM
EPSS-0.06% / 18.87%
||
7 Day CHG~0.00%
Published-11 Apr, 2022 | 19:37
Updated-03 Aug, 2024 | 06:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Improper access control vulnerability in Samsung Flow prior to version 4.8.06.5 allows attacker to write the file without Samsung Flow permission.

Action-Not Available
Vendor-SamsungSamsung Electronics
Product-samsung_flowSamsung Flow
CWE ID-CWE-284
Improper Access Control
CVE-2021-25446
Matching Score-6
Assigner-Samsung Mobile
ShareView Details
Matching Score-6
Assigner-Samsung Mobile
CVSS Score-5.3||MEDIUM
EPSS-0.21% / 43.62%
||
7 Day CHG~0.00%
Published-05 Aug, 2021 | 19:43
Updated-03 Aug, 2024 | 20:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Improper access control vulnerability in SmartThings prior to version 1.7.67.25 allows untrusted applications to cause arbitrary webpage loading in webview.

Action-Not Available
Vendor-SamsungSamsung Electronics
Product-smartthingssmartthings_firmwareSmart Things
CWE ID-CWE-284
Improper Access Control
CVE-2021-25447
Matching Score-6
Assigner-Samsung Mobile
ShareView Details
Matching Score-6
Assigner-Samsung Mobile
CVSS Score-5.3||MEDIUM
EPSS-0.28% / 51.03%
||
7 Day CHG~0.00%
Published-05 Aug, 2021 | 19:43
Updated-03 Aug, 2024 | 20:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Improper access control vulnerability in SmartThings prior to version 1.7.67.25 allows untrusted applications to cause local file inclusion in webview.

Action-Not Available
Vendor-SamsungSamsung Electronics
Product-smartthingssmartthings_firmwareSmart Things
CWE ID-CWE-284
Improper Access Control
CVE-2021-25431
Matching Score-6
Assigner-Samsung Mobile
ShareView Details
Matching Score-6
Assigner-Samsung Mobile
CVSS Score-5.5||MEDIUM
EPSS-0.05% / 15.40%
||
7 Day CHG~0.00%
Published-08 Jul, 2021 | 13:45
Updated-03 Aug, 2024 | 20:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Improper access control vulnerability in Cameralyzer prior to versions 3.2.1041 in 3.2.x, 3.3.1040 in 3.3.x, and 3.4.4210 in 3.4.x allows untrusted applications to access some functions of Cameralyzer.

Action-Not Available
Vendor-Google LLCSamsungSamsung Electronics
Product-androidcameralyzerCameralyzer
CWE ID-CWE-284
Improper Access Control
CVE-2021-25463
Matching Score-6
Assigner-Samsung Mobile
ShareView Details
Matching Score-6
Assigner-Samsung Mobile
CVSS Score-4||MEDIUM
EPSS-0.06% / 18.66%
||
7 Day CHG~0.00%
Published-09 Sep, 2021 | 18:05
Updated-03 Aug, 2024 | 20:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Improper access control vulnerability in PENUP prior to version 3.8.00.18 allows arbitrary webpage loading in webview.

Action-Not Available
Vendor-SamsungSamsung Electronics
Product-penupPENUP
CWE ID-CWE-284
Improper Access Control
CVE-2016-4030
Matching Score-6
Assigner-MITRE Corporation
ShareView Details
Matching Score-6
Assigner-MITRE Corporation
CVSS Score-6.8||MEDIUM
EPSS-0.09% / 26.25%
||
7 Day CHG~0.00%
Published-13 Apr, 2017 | 16:00
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Samsung SM-G920F build G920FXXU2COH2 (Galaxy S6), SM-N9005 build N9005XXUGBOK6 (Galaxy Note 3), GT-I9192 build I9192XXUBNB1 (Galaxy S4 mini), GT-I9195 build I9195XXUCOL1 (Galaxy S4 mini LTE), and GT-I9505 build I9505XXUHOJ2 (Galaxy S4) devices have unintended availability of the modem in USB configuration number 2 within the secure lockscreen state, allowing an attacker to make phone calls, send text messages, or issue commands, aka SVE-2016-5301.

Action-Not Available
Vendor-n/aSamsung
Product-galaxy_s6galaxy_s4_firmwaregalaxy_s6_firmwaregalaxy_s4_mini_lte_firmwaregalaxy_note_3galaxy_s4_minigalaxy_s4galaxy_s4_mini_ltegalaxy_s4_mini_firmwaregalaxy_note_3_firmwaren/a
CWE ID-CWE-284
Improper Access Control
CVE-2023-42542
Matching Score-6
Assigner-Samsung Mobile
ShareView Details
Matching Score-6
Assigner-Samsung Mobile
CVSS Score-3.3||LOW
EPSS-0.09% / 26.11%
||
7 Day CHG~0.00%
Published-07 Nov, 2023 | 07:49
Updated-06 Mar, 2025 | 16:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Improper access control vulnerability in Samsung Push Service prior to 3.4.10 allows local attackers to get register ID to identify the device.

Action-Not Available
Vendor-Samsung ElectronicsSamsung
Product-push_serviceSamsung Push Service
CWE ID-CWE-284
Improper Access Control
CVE-2023-42540
Matching Score-6
Assigner-Samsung Mobile
ShareView Details
Matching Score-6
Assigner-Samsung Mobile
CVSS Score-4||MEDIUM
EPSS-0.12% / 30.95%
||
7 Day CHG~0.00%
Published-07 Nov, 2023 | 07:49
Updated-06 Mar, 2025 | 16:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Improper access control vulnerability in Samsung Account prior to version 14.5.01.1 allows attackers to access sensitive information via implicit intent.

Action-Not Available
Vendor-Samsung ElectronicsSamsung
Product-accountSamsung Account
CWE ID-CWE-284
Improper Access Control
CVE-2022-24923
Matching Score-6
Assigner-Samsung Mobile
ShareView Details
Matching Score-6
Assigner-Samsung Mobile
CVSS Score-4||MEDIUM
EPSS-0.06% / 19.42%
||
7 Day CHG~0.00%
Published-11 Feb, 2022 | 17:40
Updated-03 Aug, 2024 | 04:29
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Improper access control vulnerability in Samsung SearchWidget prior to versions 2.3.00.6 in China models allows untrusted applications to load arbitrary URL and local files in webview.

Action-Not Available
Vendor-SamsungSamsung Electronics
Product-searchwidgetSearchWidget
CWE ID-CWE-284
Improper Access Control
CVE-2022-24930
Matching Score-6
Assigner-Samsung Mobile
ShareView Details
Matching Score-6
Assigner-Samsung Mobile
CVSS Score-4.4||MEDIUM
EPSS-0.18% / 39.74%
||
7 Day CHG~0.00%
Published-08 Mar, 2022 | 13:46
Updated-03 Aug, 2024 | 04:29
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An Improper access control vulnerability in StRetailModeReceiver in Wear OS 3.0 prior to Firmware update MAR-2022 Release allows untrusted applications to reset default app settings without a proper permission

Action-Not Available
Vendor-SamsungSamsung Electronics
Product-wear_osSamsung Wearable Devices
CWE ID-CWE-284
Improper Access Control
CVE-2019-6744
Matching Score-6
Assigner-Zero Day Initiative
ShareView Details
Matching Score-6
Assigner-Zero Day Initiative
CVSS Score-4.3||MEDIUM
EPSS-0.10% / 28.74%
||
7 Day CHG~0.00%
Published-10 Feb, 2020 | 19:15
Updated-04 Aug, 2024 | 20:31
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

This vulnerability allows local attackers to disclose sensitive information on affected installations of Samsung Knox 1.2.02.39 on Samsung Galaxy S9 build G9600ZHS3ARL1 Secure Folder. An attacker must first obtain physical access to the device in order to exploit this vulnerability. The specific flaws exists within the the handling of the lock screen for Secure Folder. The issue results from the lack of proper validation that a user has correctly authenticated. An attacker can leverage this vulnerability to disclose the contents of the secure container. Was ZDI-CAN-7381.

Action-Not Available
Vendor-Samsung
Product-galaxy_s9knoxKnox
CWE ID-CWE-284
Improper Access Control
CWE ID-CWE-287
Improper Authentication
CVE-2022-36867
Matching Score-6
Assigner-Samsung Mobile
ShareView Details
Matching Score-6
Assigner-Samsung Mobile
CVSS Score-5.9||MEDIUM
EPSS-0.11% / 30.76%
||
7 Day CHG~0.00%
Published-09 Sep, 2022 | 14:40
Updated-03 Aug, 2024 | 10:14
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Improper access control vulnerability in Editor Lite prior to version 4.0.40.14 allows attackers to access sensitive information.

Action-Not Available
Vendor-SamsungSamsung Electronics
Product-editor_liteEditor Lite
CWE ID-CWE-284
Improper Access Control
CVE-2023-21493
Matching Score-6
Assigner-Samsung Mobile
ShareView Details
Matching Score-6
Assigner-Samsung Mobile
CVSS Score-6.8||MEDIUM
EPSS-0.05% / 14.31%
||
7 Day CHG~0.00%
Published-04 May, 2023 | 00:00
Updated-12 Feb, 2025 | 16:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Improper access control vulnerability in SemShareFileProvider prior to SMR May-2023 Release 1 allows local attackers to access protected data.

Action-Not Available
Vendor-Samsung ElectronicsSamsung
Product-androidSamsung Mobile Devices
CWE ID-CWE-284
Improper Access Control
CVE-2022-28542
Matching Score-6
Assigner-Samsung Mobile
ShareView Details
Matching Score-6
Assigner-Samsung Mobile
CVSS Score-6.8||MEDIUM
EPSS-0.05% / 16.47%
||
7 Day CHG~0.00%
Published-11 Apr, 2022 | 19:37
Updated-03 Aug, 2024 | 05:56
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Improper sanitization of incoming intent in Galaxy Store prior to version 4.5.40.5 allows local attackers to access privileged content providers as Galaxy Store permission.

Action-Not Available
Vendor-SamsungSamsung Electronics
Product-galaxy_storeGalaxy Store
CWE ID-CWE-284
Improper Access Control
CWE ID-CWE-863
Incorrect Authorization
CVE-2022-28777
Matching Score-6
Assigner-Samsung Mobile
ShareView Details
Matching Score-6
Assigner-Samsung Mobile
CVSS Score-4.3||MEDIUM
EPSS-0.06% / 18.42%
||
7 Day CHG~0.00%
Published-11 Apr, 2022 | 19:37
Updated-03 Aug, 2024 | 06:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Improper access control vulnerability in Samsung Members prior to version 13.6.08.5 allows local attacker to execute call function without CALL_PHONE permission.

Action-Not Available
Vendor-SamsungSamsung Electronics
Product-membersSamsung Members
CWE ID-CWE-284
Improper Access Control
CVE-2022-27838
Matching Score-6
Assigner-Samsung Mobile
ShareView Details
Matching Score-6
Assigner-Samsung Mobile
CVSS Score-7.7||HIGH
EPSS-0.04% / 11.52%
||
7 Day CHG~0.00%
Published-11 Apr, 2022 | 19:37
Updated-03 Aug, 2024 | 05:41
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Improper access control vulnerability in FactoryCamera prior to version 2.1.96 allows attacker to access the file with system privilege.

Action-Not Available
Vendor-SamsungSamsung Electronics
Product-factorycameraFactoryCamera
CWE ID-CWE-284
Improper Access Control
CVE-2022-25824
Matching Score-6
Assigner-Samsung Mobile
ShareView Details
Matching Score-6
Assigner-Samsung Mobile
CVSS Score-4||MEDIUM
EPSS-0.06% / 19.42%
||
7 Day CHG~0.00%
Published-08 Mar, 2022 | 13:47
Updated-03 Aug, 2024 | 04:49
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Improper access control vulnerability in BixbyTouch prior to version 2.2.00.6 in China models allows untrusted applications to load arbitrary URL and local files in webview.

Action-Not Available
Vendor-SamsungSamsung Electronics
Product-bixby_touchBixbyTouch
CWE ID-CWE-284
Improper Access Control
CVE-2022-24924
Matching Score-6
Assigner-Samsung Mobile
ShareView Details
Matching Score-6
Assigner-Samsung Mobile
CVSS Score-2.2||LOW
EPSS-3.84% / 87.72%
||
7 Day CHG~0.00%
Published-11 Feb, 2022 | 17:40
Updated-03 Aug, 2024 | 04:29
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An improper access control in LiveWallpaperService prior to versions 3.0.9.0 allows to create a specific named system directory without a proper permission.

Action-Not Available
Vendor-SamsungSamsung Electronics
Product-livewallpaperserviceLiveWallpaper
CWE ID-CWE-284
Improper Access Control
CVE-2022-39910
Matching Score-6
Assigner-Samsung Mobile
ShareView Details
Matching Score-6
Assigner-Samsung Mobile
CVSS Score-3.9||LOW
EPSS-0.09% / 26.19%
||
7 Day CHG~0.00%
Published-08 Dec, 2022 | 00:00
Updated-23 Apr, 2025 | 15:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Improper access control vulnerability in Samsung Pass prior to version 4.0.06.7 allow physical attackers to access data of Samsung Pass on a certain state of an unlocked device using pop-up view.

Action-Not Available
Vendor-SamsungSamsung Electronics
Product-passSamsung Pass
CWE ID-CWE-284
Improper Access Control
CVE-2022-39875
Matching Score-6
Assigner-Samsung Mobile
ShareView Details
Matching Score-6
Assigner-Samsung Mobile
CVSS Score-5.1||MEDIUM
EPSS-0.04% / 12.88%
||
7 Day CHG~0.00%
Published-07 Oct, 2022 | 00:00
Updated-03 Aug, 2024 | 12:07
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Improper component protection vulnerability in Samsung Account prior to version 13.5.0 allows attackers to unauthorized logout.

Action-Not Available
Vendor-SamsungSamsung Electronics
Product-accountSamsung Account
CWE ID-CWE-284
Improper Access Control
CVE-2018-10500
Matching Score-6
Assigner-Zero Day Initiative
ShareView Details
Matching Score-6
Assigner-Zero Day Initiative
CVSS Score-7||HIGH
EPSS-0.05% / 13.62%
||
7 Day CHG~0.00%
Published-24 Sep, 2018 | 23:00
Updated-05 Aug, 2024 | 07:39
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

This vulnerability allows local attackers to escalate privileges on vulnerable installations of Samsung Galaxy Apps Fixed in version 6.4.0.15. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the handling of push messages. The issue lies in the ability to start an activity with controlled arguments. An attacker can leverage this vulnerability to escalate privileges to resources normally protected from the application. Was ZDI-CAN-5331.

Action-Not Available
Vendor-Samsung
Product-galaxy_appsSamsung Galaxy Apps
CWE ID-CWE-284
Improper Access Control
CVE-2022-39864
Matching Score-6
Assigner-Samsung Mobile
ShareView Details
Matching Score-6
Assigner-Samsung Mobile
CVSS Score-3.3||LOW
EPSS-0.21% / 42.83%
||
7 Day CHG~0.00%
Published-07 Oct, 2022 | 00:00
Updated-03 Aug, 2024 | 12:07
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Improper access control vulnerability in WifiSetupLaunchHelper in SmartThings prior to version 1.7.89.25 allows attackers to access sensitive information via implicit intent.

Action-Not Available
Vendor-SamsungSamsung Electronics
Product-smartthingsSmartThings
CWE ID-CWE-284
Improper Access Control
CVE-2021-25448
Matching Score-6
Assigner-Samsung Mobile
ShareView Details
Matching Score-6
Assigner-Samsung Mobile
CVSS Score-5.3||MEDIUM
EPSS-0.23% / 46.09%
||
7 Day CHG~0.00%
Published-05 Aug, 2021 | 19:44
Updated-03 Aug, 2024 | 20:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Improper access control vulnerability in Smart Touch Call prior to version 1.0.0.5 allows arbitrary webpage loading in webview.

Action-Not Available
Vendor-SamsungSamsung Electronics
Product-smart_touch_callSmart Touch Call
CWE ID-CWE-284
Improper Access Control
CVE-2021-25349
Matching Score-6
Assigner-Samsung Mobile
ShareView Details
Matching Score-6
Assigner-Samsung Mobile
CVSS Score-5.5||MEDIUM
EPSS-0.03% / 7.69%
||
7 Day CHG~0.00%
Published-25 Mar, 2021 | 16:09
Updated-03 Aug, 2024 | 20:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Using unsafe PendingIntent in Slow Motion Editor prior to version 3.5.18.5 allows local attackers unauthorized action without permission via hijacking the PendingIntent.

Action-Not Available
Vendor-Google LLCSamsungSamsung Electronics
Product-androidslow_motion_editorSlow Motion Editor
CWE ID-CWE-284
Improper Access Control
CVE-2021-25439
Matching Score-6
Assigner-Samsung Mobile
ShareView Details
Matching Score-6
Assigner-Samsung Mobile
CVSS Score-3.3||LOW
EPSS-0.06% / 17.23%
||
7 Day CHG~0.00%
Published-08 Jul, 2021 | 13:47
Updated-03 Aug, 2024 | 20:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Improper access control vulnerability in Samsung Members prior to versions 2.4.85.11 in Android O(8.1) and below, and 3.9.10.11 in Android P(9.0) and above allows untrusted applications to cause arbitrary webpage loading in webview.

Action-Not Available
Vendor-Google LLCSamsungSamsung Electronics
Product-androidmembersSamsung Members
CWE ID-CWE-284
Improper Access Control
CVE-2021-25405
Matching Score-6
Assigner-Samsung Mobile
ShareView Details
Matching Score-6
Assigner-Samsung Mobile
CVSS Score-5.5||MEDIUM
EPSS-0.05% / 15.55%
||
7 Day CHG~0.00%
Published-11 Jun, 2021 | 14:45
Updated-03 Aug, 2024 | 20:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An improper access control vulnerability in ScreenOffActivity in Samsung Notes prior to version 4.2.04.27 allows untrusted applications to access local files.

Action-Not Available
Vendor-SamsungSamsung Electronics
Product-notesSamsung Notes
CWE ID-CWE-284
Improper Access Control
CVE-2022-39889
Matching Score-6
Assigner-Samsung Mobile
ShareView Details
Matching Score-6
Assigner-Samsung Mobile
CVSS Score-4||MEDIUM
EPSS-0.10% / 27.98%
||
7 Day CHG~0.00%
Published-09 Nov, 2022 | 00:00
Updated-01 May, 2025 | 19:31
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Improper access control vulnerability in GalaxyWatch4Plugin prior to versions 2.2.11.22101351 and 2.2.12.22101351 allows attackers to access wearable device information.

Action-Not Available
Vendor-SamsungSamsung Electronics
Product-galaxywatch4pluginGalaxyWatch4Plugin
CWE ID-CWE-284
Improper Access Control
CVE-2022-36866
Matching Score-6
Assigner-Samsung Mobile
ShareView Details
Matching Score-6
Assigner-Samsung Mobile
CVSS Score-4||MEDIUM
EPSS-0.12% / 32.05%
||
7 Day CHG~0.00%
Published-09 Sep, 2022 | 14:40
Updated-03 Aug, 2024 | 10:14
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Improper access control vulnerability in Broadcaster in Group Sharing prior to versions 13.0.6.15 in Android S(12), 13.0.6.14 in Android R(11) and below allows attackers to identify the device.

Action-Not Available
Vendor-Google LLCSamsungSamsung Electronics
Product-androidgroup_sharingGroup Sharing
CWE ID-CWE-284
Improper Access Control
CVE-2021-25440
Matching Score-6
Assigner-Samsung Mobile
ShareView Details
Matching Score-6
Assigner-Samsung Mobile
CVSS Score-7.8||HIGH
EPSS-0.05% / 14.78%
||
7 Day CHG~0.00%
Published-08 Jul, 2021 | 13:48
Updated-03 Aug, 2024 | 20:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Improper access control vulnerability in FactoryCameraFB prior to version 3.4.74 allows untrusted applications to access arbitrary files with an escalated privilege.

Action-Not Available
Vendor-SamsungSamsung Electronics
Product-factorycamerafbFactoryCameraFB
CWE ID-CWE-284
Improper Access Control
CVE-2021-25438
Matching Score-6
Assigner-Samsung Mobile
ShareView Details
Matching Score-6
Assigner-Samsung Mobile
CVSS Score-7.8||HIGH
EPSS-0.05% / 13.96%
||
7 Day CHG~0.00%
Published-08 Jul, 2021 | 13:47
Updated-03 Aug, 2024 | 20:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Improper access control vulnerability in Samsung Members prior to versions 2.4.85.11 in Android O(8.1) and below, and 3.9.10.11 in Android P(9.0) and above allows untrusted applications to cause local file inclusion in webview.

Action-Not Available
Vendor-Google LLCSamsungSamsung Electronics
Product-androidmembersSamsung Members
CWE ID-CWE-284
Improper Access Control
  • Previous
  • 1
  • 2
  • Next
Details not found